Text to 9-1-1

Ransom Attacks

OrElse

 

There are three broad categories of hackers:

  1. Destructive (crash a website, destroy data)

  2. Social Justice (Edward Snowden, WikiLeaks)

  3. Those that want to make a Profit 

One of the popular tactics used by those in category 3  is to hack into a company database (such as Target) and steal credit card information. The hacker can then take these to a “Cyber Pawn Shop” where the list would be published for sale on the ‘Deep Web’

yjYbypU

These ‘Cyber Pawn Shops’ sites will sell credit cards in bulk, the price is normally reduced as they ‘age’ in time. Bottom line- it is better to to steal LOTS of credit card info, which is why a hack such as Target was possibly a large financial score.

Now we are seeing a dramatic increase in Ransom Attacks. The hacker goes into the computer system, takes control and encrypts operational data, demanding payment for a password.

On one level this approach makes better business sense:

  1. Eliminate the middleman (Cyber Pawn Shops)

  2. Hackers set their own price

In some of the recent attacks, systems were simply shut down. Earlier this year a hospital had its medical records encrypted- basically shutting down the hospital (Hollywood Presbyterian Medical Center) until a ransom was paid. Hospitals, schools and cities are estimated to have paid hundreds of millions of dollars to date (source- CHRIS FRANCESCANI- NBC News).

Hackers are also targeting Police Departments nationwide.

A quote from the August 19, 2016 Wall Street Journal article by Robert McMillan:

“According to the U.S. Department of Justice, ransomware attacks have quadrupled this year from a year ago, averaging 4,000 a day. Typical ransomware payments range from $500 to $1,000, according to cyberrisk data firm Cyence Inc., but some hackers have demanded as much as $30,000.” Link

One aspect of this that is of great concern- in many cases these organizations have an IT department and security policy. They have purchased the typical ‘products’ such as firewalls, etc. So how can this be happening?

Today it is estimated that over 90% of the Ransom Hacks enter through a ‘phishing’ email, which an employee ‘clicks on’.

SO- based on the above, we can see two issues:

  1. The phishing email made it through the system

  2. Employees may not be properly trained regarding email security

If you’ve already transitioned to an IP based NG9-1-1 system you are safe- for the moment- as email is not directly connected.

But how about future hacking techniques or 9-1-1 text messages with hyperlinks? 

APCO Project 43, NENA and the FCC Task Force on Optimal PSAP Architecture (TFOPA) are all discussing the issue of security as we transition to IP. We should stay plugged into their ongoing recommendations…

 

 

 

Outbound Text from the PSAP

Indiana

 

This past week I attended the NENA 2016 Conference in Indianapolis, Indiana.

One of the information Breakout Sessions was entitled “New, Now, Wow”. Rob McMullen ENP, the 9-1-1 Director from Vigo County, Illinois, was a member of this panel. Rob informed the audience that Indiana has implemented Text-to-911 statewide, 92 counties, a major accomplishment.

Rob provided the following “Text”data for the past 6 months:

  • Statewide average-  1,400 inbound texts per month
  • The County that includes the City of Indianapolis averages 1,000 of these texts per month
  • The rest of the Counties average 20 texts per month

However, Telecommunicators (those amazing individuals who answer your 9-1-1 call) have started to use the outbound text feature to deal with both abandoned and, excuse the term, “butt dial” calls (averaging 16,000 calls per month statewide) placed to 9-1-1.

butt

The telecommunicators have found that many times by sending a text such as, ‘Did you mean to call 9-1-1?” they will  receive a response, whereas a phone call, in many instances, is not answered. People often do not want to speak with 9-1-1 and admit their error. Many times these calls will result in an unnecessary law enforcement dispatch for follow-up.

This feature is a major addition to Text-to-911 implementations.  It may become a feature that Telecommunicators request, facilitating further adoption of Text-to-9-1-1 across the Country.

 

Text to 9-1-1 and Language Translation

 

text

 

In certain areas of the United States there are large segments of the local population that do not speak English.

In 9-1-1 Call Centers (PSAP’s) today, it is common practice to have a third party language translation service under contract. For example, a 9-1-1 call is received and the call taker does not speak Spanish. It is a simple process to add a Spanish speaking translator to the 9-1-1 call.

Most translation firms offer this service for numerous languages.

We recently held a meeting with Miami-Dade, Broward and Palm Beach counties to discuss the implementation of Text to 9-1-1 on a regional basis. Paul McLaren, of West Safety Services (formerly Intrado) provided a technical overview. I was surprised to learn that -Today- it is not possible to ‘bridge in’ a third party translation service to a 9-1-1 text ( or any third party). There were a number of reasons identified, technical limitations, security, etc.

Here in South Florida, launching an ‘English-Only’ 9-1-1 Text service will need careful consideration and approval.

What would happen if you were working a shift in a 9-1-1 center and, on your screen, you receive a text in a foreign language?

If you have plans to move forward with a Text to 9-1-1 solution in your area, it will be important, in today’s scenario, to educate the public on language availability. You also need an emergency ‘contingency plan’.

Text can certainly be a useful tool, it is important that we understand all of the facts prior to implementation.